Google Analystics

Friday, 7 December 2018

I was asked this question by an environmental engineer who lives and works in a developing country outside of North America and the EU. Here is my response with changes where necessary to preserve anonymity.

Thank you for your query.

I don’t want to over-complicate this and I am not sure how much you already know about auditing. I think it will be safest to proceed as if you do not know much even though, as an environmental engineer, you probably already know quite a lot.

There are 3 types of audit event.

Type 1 (or first party) audits are internal audits conducted by an organisation to assess its own compliance with regulations and conformity to standards.

Type 3 (or third party) audits are audits conducted at an organisation by a qualified, external auditor sent by an accredited ‘Certified Body’ of auditors at the request of the organisation. The purpose of a third party audit is to certify (or not) that an organisation has in place a management system that conforms effectively to one or more standards such as ISO 14001 (environmental) or ISO 9001 (quality). The certified body will issue a certificate of conformity upon a successful audit. Such certification audits are usually conducted every three years with a ‘surveillance audit’ annually in the intervening years. Third party auditors must undergo training, typically 4 or 5 days, and then observe a certain number of audit days (usually without remuneration) before being qualified to conduct third party audits themselves.

Type 2 (or second party) audits are audits conducted by a customer (actual or potential) upon a supplier (actual or potential) to determine whether the supplier meets prerequisite requirements that the customer judges to be reliable predictors of future satisfaction. Such customers typically have their own process for approving suppliers prior to placing large or important orders. Some customers waive or reduce the scope of second party audits if the supplier has certification to a standard such as ISO 9001.

People who are 3rd party auditors have almost always begun their auditing career as an internal (1st party) auditor in an organisation that has a particular certification such as ISO 9001 or ISO 14001. There they would have been trained in the standards to which their organisation has been certified, and trained to do internal auditing as a lead auditor. However, internal auditors do not have to be employees of the company they are auditing – they could be contractors. In your case, your company could send you on a training course for ISO 14001 (2 or 3 days) followed by lead auditor training (2 days). They could then offer to do internal audits as a service to its clients. It’s worth thinking about. If I were you I would want to observe or assist on the team on one or two audits prior to conducting an audit as a lead auditor. Additionally, you could conduct an internal audit at your employer with a view to providing a gap analysis.

I Googled “ISO 14001 training in <your country>” and see there are a few companies that offer lead auditor training, which is what you would want to do.

Wednesday, 7 November 2018

9.3.2 e) Effectiveness of actions addressing risks/opportunities.Anyone care to share how you measure and review the effectiveness of these actions?

So here is my short answer to this question: use Key Performance Indicators (KPIs).

Hopefully you have done something like a SWOT analysis in order to meet the requirements for6.1 Actions to address risks and opportunities.

SWOT Analysis Chart

Then, following on from that, you would also have some kind of strategic plan for maximising or leveraging strengths and opportunities, and mitigating, minimising or forestalling weaknesses and threats identified in your SWOT analysis. Out of that, again, you would have goals and objectives measurable with Key Performance Indicators (KPIs).

Friday, 31 August 2018

A prerequisite of any successful 6-Sigma DMAIC project is that the project be aligned with the strategic vision, goals and objectives of the organization.

What comes before the 'Define' phase is the selection of the most appropriate project to take the organization along that road.

Project proposals will define the problems at a high level: why is this a problem?If your organization does not have explicitly formulated goals and objectives aligned with a strategic vision, then you do not have the maturity to run a 6-Sigma project.

Monday, 27 August 2018

Yes - This is the wrong reason because if this is what is driving your organisation to seek ISO 9001 certification you are in for a rough ride. This is one of the reasons why ISO gets a bad rap from companies: both management and staff.

Thursday, 12 July 2018

You cannot decrease costs by focusing on the costs: decreased costs are a by-product of quality and productivity. "Improve constantly and forever the system of production and service, to improve quality and productivity, and thus constantly decrease costs." - W. E. Deming

Monday, 26 February 2018

"We're working proactively to address this as quickly as possible."

No, Sir. You cannot address an event proactively after it has happened. That is working REactively and is technically called a CORRECTION.

You can, and should, work proactively to prevent that exact same event recurring on that or any other vessel of the Canadian Navy. Technically, this is known as CORRECTIVE ACTION. If you decide that it was human error (as opposed to sabotage or bloody-mindedness which is deliberate,) then you have to ask, "What was missing in our procedures that allowed this human error to occur?" ...and then change the operational procedures accordingly. That would be the corrective action.

The fault is not with the seaman who screwed up, but with naval command who let that screw-up happen.

If this has never happened in a foreign navy but they, hearing about the Canadian debacle review their operational procedures and make changes to prevent such a thing happening in their navy, that is working proactively and is technically known as PREVENTIVE ACTION.